Apache modsecurity module.
ModSecurity is an open-source intrusion detection and prevention engine for web applications. It is also called a web application firewall. It operates embedded into the web server, acting as a powerful umbrella and shielding applications from attacks.
Installation of modsecurity.
You can get the latest stable release of modsecurity from http://www.modsecurity.org/download/. In this article, we will install modsecurity on Apache as a DSO module.
1. Unpack the distribution.
tar -xzf modsecurity-apache_2.6.6.tar.gz
2. Compile the module using apxs.
/usr/local/apache/bin/apxs -cia mod_security.c
Configuration of modsecurity.
ModSecurity configuration directives are added directly to your configuration file (typically httpd.conf). These directives can be enclosed in an <IfModule> container tag. This allows Apache to ignore the configuration directives when the module is not active.
<IfModule mod_security.c>
# mod_security configuration directives
</IfModule>
However, it is better to keep the mod_security rules in a separate modsecurity.conf file, which makes them easier to manage. This can be accomplished by adding the following line to the Apache configuration file, httpd.conf:
Turning On Filtering Requests.
The filtering engine is disabled by default. To start monitoring requests, add the following to your configuration file:
Supported parameter values for this parameter are:
• On – analyse every request
• Off – do nothing
• DynamicOnly – deprecated as of 1.9.3
Some other basic configuration directives are:
• SecFilterScanPOST: When On, enables scanning the request body/POST payload.
• SecFilterScanOutput: When On, enables scanning the response body also.
• SecFilterCheckURLEncoding: To check URL encoding.
• SecRequestBodyAccess: To control request body buffering.
• SecResponseBodyLimitAction: To control what happens once the response body limit is reached.
• SecResponseBodyLimit: To specify the response body buffering limit.
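Because the filtering engine is disabled by default, it helps to confirm what a configuration file actually enables before restarting Apache. The following script is an added example, not part of the original article. The helper names modsec_value and modsec_check are hypothetical, SecFilterEngine is assumed to be the ModSecurity 1.x engine directive that takes the On/Off/DynamicOnly values listed above, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit a ModSecurity 1.x
# style config file for the directives discussed above.

# Print the effective value of directive $2 in file $1, or "unset".
# Assumption: one flat file, so the last uncommented occurrence wins.
modsec_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        $1 ~ /^#/ { next }                    # skip comment lines
        tolower($1) == want {                 # directive names are case-insensitive
            val = $2
            gsub(/"/, "", val)                # tolerate quoted arguments
        }
        END { print val }
    ' "$1"
}

# Return 0 only when the engine is On and POST payloads are scanned.
modsec_check() {
    rc=0
    for d in SecFilterEngine SecFilterScanPOST; do
        v=$(modsec_value "$1" "$d")
        case "$v" in
            [Oo][Nn]) echo "ok:   $d $v" ;;
            *)        echo "FAIL: $d is $v"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the engine line that says On is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<IfModule mod_security.c>
    # SecFilterEngine On
    SecFilterEngine Off
    secfilterscanpost On
</IfModule>
EOF
modsec_check "$sample" || echo "filtering is not fully enabled"
rm -f "$sample"
```

The script reads one flat file and does not follow Include lines or per-virtual-host overrides.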
Finally, you need to stop and start Apache for mod_security to become active.
There are lots more ways you can configure mod_security for better web server security.